Megalinter
To lint all the source code Megalinter by OX Security is used.
Linters configuration could be changed in supplied .mega-linter.yml using the configuration notes
at https://megalinter.io/latest/config-file.
To avoid trying miriades of supported linters it's good idead to disable some of them in .mega-linter.yml or use '
flavor' image as described.
ENV variables and image could be changed
in megalinter cluster workflow template
JSON report as well as SARIF are saved as S3 output artifacts for further observation.
Inputs:
{{workflow.parameters.repo}}{{workflow.parameters.tag}}{{workflow.parameters.dockerhub-registry-proxy}}{{workflow.parameters.workload-name}}{{workflow.parameters.wl-service-name}}{{workflow.parameters.wl-service-dir}}
Outputs:
- name: megalinter-report-sarif
path: /tmp/megalinter-report.sarif
s3:
key: "{{workflow.parameters.workload-name}}/{{workflow.parameters.tag}}/{{workflow.parameters.wl-service-name}}-megalinter-report-sarif"
- name: megalinter-report-json
path: /tmp/mega-linter-report.json
s3:
key: "{{workflow.parameters.workload-name}}/{{workflow.parameters.tag}}/{{workflow.parameters.wl-service-name}}-megalinter-report-json"